CN113992432A - Message processing method, message bus system, computer device, and storage medium - Google Patents


Info

Publication number
CN113992432A
Authority
CN
China
Prior art keywords
message
encryption
national
secret
node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111593966.7A
Other languages
Chinese (zh)
Inventor
王金国
蒋荣
徐锐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Zhongfu Information Technology Co Ltd
Original Assignee
Nanjing Zhongfu Information Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0877 Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L 9/00
    • H04L 2209/12 Details relating to cryptographic hardware or logic circuitry


Abstract

The application provides a message processing method, a message bus system, a computer device and a storage medium, and relates to the technical field of encryption. The message processing method comprises the following steps: a message generating node on a message bus system calls national cryptographic hardware, performs national cryptographic encryption on the messages generated by each message source among at least one message source to obtain national cryptographic messages (messages encrypted with a national cryptographic algorithm), and transmits the national cryptographic messages to a message distribution node on the message bus system; the message distribution node then distributes the national cryptographic messages to the corresponding message using nodes. Because the messages are encrypted by national cryptographic hardware, encryption efficiency is high, and the problems of software-based encryption algorithms occupying more system resources and having low encryption efficiency are solved. In addition, a national cryptographic algorithm of higher security is introduced for data encryption; its encryption strength and operating performance are superior to those of international general-purpose algorithms of the same kind.

Description

Message processing method, message bus system, computer device, and storage medium
Technical Field
The present invention relates to the field of encryption technologies, and in particular, to a message processing method, a message bus system, a computer device, and a storage medium.
Background
The rapid development of informatization places higher requirements on the security of information communication; messages that are unencrypted or encrypted with weak technology pose serious information security threats.
Existing message bus encryption methods, where message middleware is used, generally rely on the hypertext transfer protocol with encryption based on international general-purpose encryption algorithms. As serious vulnerabilities in international general-purpose encryption algorithms have been discovered in recent years, reports of such algorithms being cracked and attacked have become more and more frequent, and these algorithms carry a higher security risk. In addition, software-implemented encryption algorithms suffer from low encryption efficiency.
Disclosure of Invention
The present invention provides a message processing method, a message bus system, a computer device and a storage medium for improving the efficiency and security of message encryption.
In order to achieve the above purpose, the technical solutions adopted in the embodiments of the present application are as follows:
in a first aspect, an embodiment of the present application provides a message processing method, where the method includes:
a message generating node on a message bus system calls national cryptographic hardware and performs national cryptographic encryption on the messages generated by each message source among at least one message source to obtain national cryptographic messages;
the message generating node transmits the national cryptographic messages to a message distribution node on the message bus system;
and a message distribution node on the message bus system distributes the national cryptographic messages to the corresponding message using node.
Optionally, the message generating node on the message bus system calling national cryptographic hardware and performing national cryptographic encryption on the message generated by each message source among the at least one message source to obtain the national cryptographic message includes:
the message generating node calls a national cryptographic algorithm in the national cryptographic hardware and performs national cryptographic data encryption on the message generated by a first message source;
and the message generating node obtains the national cryptographic message from the message after national cryptographic data encryption.
Optionally, the message generating node obtaining the national cryptographic message from the message after national cryptographic data encryption includes:
the message generating node calls a national cryptographic certificate in the national cryptographic hardware and performs national cryptographic communication encryption on the message after national cryptographic data encryption to obtain the national cryptographic message.
Optionally, the message generating node calling the national cryptographic algorithm in the national cryptographic hardware and performing national cryptographic data encryption on the message generated by the first message source includes:
a data access service in the message generating node performs service processing on the message generated by the first message source, and the data access service then calls the national cryptographic algorithm in the national cryptographic hardware and performs national cryptographic data encryption on the message after service processing.
Optionally, the message generating node calling the national cryptographic certificate in the national cryptographic hardware and performing national cryptographic communication encryption on the message after national cryptographic data encryption to obtain the national cryptographic message includes:
the data access service in the message generating node calls the national cryptographic certificate in the national cryptographic hardware and performs national cryptographic communication encryption on the message after national cryptographic data encryption to obtain the national cryptographic message.
Optionally, the message generating node calling the national cryptographic certificate in the national cryptographic hardware and performing national cryptographic communication encryption on the message after national cryptographic data encryption to obtain the national cryptographic message includes:
a proxy component in the message generating node, matched to the data access service, calls the national cryptographic certificate in the national cryptographic hardware and performs national cryptographic communication encryption on the message after national cryptographic data encryption to obtain the national cryptographic message.
Optionally, the message generating node on the message bus system calling national cryptographic hardware and performing national cryptographic encryption on the message generated by each message source among the at least one message source to obtain the national cryptographic message includes:
the message generating node calls a national cryptographic certificate in the national cryptographic hardware and performs national cryptographic communication encryption on the message generated by a second message source to obtain the national cryptographic message.
In a second aspect, an embodiment of the present application further provides a message bus system, including: at least one message generating node, a message distribution node and at least one message using node;
each message generating node is configured to call national cryptographic hardware, perform national cryptographic encryption on the messages generated by each message source to obtain national cryptographic messages, and transmit the national cryptographic messages to the message distribution node;
the message distribution node is configured to distribute the national cryptographic messages to the corresponding message using nodes.
In a third aspect, an embodiment of the present application further provides a computer device, including a processor, a storage medium and a bus, the storage medium storing program instructions of the message bus system executable by the processor; when the computer device runs, the processor and the storage medium communicate via the bus, and the processor executes the program instructions to perform the steps of the message processing method according to any one of the first aspect.
In a fourth aspect, the present application further provides a computer-readable storage medium storing a computer program which, when executed by a processor, performs the steps of the message processing method (the national cryptographic hardware encryption method) according to any one of the first aspect.
The beneficial effect of this application is as follows. In summary, an embodiment of the present application provides a message processing method in which a message generating node on a message bus system calls national cryptographic hardware, performs national cryptographic encryption on the messages generated by each message source among at least one message source to obtain national cryptographic messages, and transmits the national cryptographic messages to a message distribution node on the message bus system; the message distribution node then distributes the national cryptographic messages to the corresponding message using nodes. Because the messages are encrypted by national cryptographic hardware, encryption efficiency is high, and the problems of software-based encryption algorithms occupying more system resources and having low encryption efficiency are solved. In addition, a national cryptographic algorithm of higher security is introduced for data encryption; its encryption strength and operating performance are superior to those of international general-purpose algorithms of the same kind.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
FIG. 1 is a schematic diagram of a message bus system according to an embodiment of the present application;
FIG. 2 is a flowchart of a message processing method according to an embodiment of the present application;
FIG. 3 is a flowchart of obtaining a national cryptographic message in a message processing method according to another embodiment of the present application;
FIG. 4 is a schematic diagram of another message bus system provided in an embodiment of the present application;
FIG. 5 is a schematic diagram of a computer device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention.
In this application, unless explicitly stated or limited otherwise, the terms "first", "second" and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implying the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means at least two, for example two or three, unless specifically defined otherwise. The terms "comprises", "comprising" or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article or apparatus that comprises the element.
The message processing method of the present application may be applied to a message bus system, or a computer device that can execute program instructions of the message bus system, where the computer device may be, for example, a desktop computer, a notebook computer, a server, and the like, and the present application is not limited thereto.
The message bus system will be explained first.
Embodiments of the present application provide possible implementation examples of a message bus system, which can execute the message processing method provided in the following embodiments. FIG. 1 is a schematic diagram of a message bus system according to an embodiment of the present application. As shown in FIG. 1, the message bus system includes: at least one message generating node 11, a message distribution node 13, and at least one message using node 15;
each message generating node 11 is configured to call national cryptographic hardware, perform national cryptographic encryption on the messages generated by each message source to obtain national cryptographic messages, and transmit the national cryptographic messages to the message distribution node 13;
and the message distribution node 13 is configured to distribute the national cryptographic messages to the corresponding message using nodes 15.
In the present application, national cryptographic encryption refers to encryption using a national cryptographic algorithm. The national cryptographic algorithms are domestic cryptographic algorithms recognized by the State Cryptography Administration and are widely used for data encryption in security certificates of all kinds, internet banking, digital signatures and the like. The Office of State Commercial Cryptography Administration has established a series of cryptographic algorithm standards including SSF3, SM1, SM2, SM3, SM4, SM7, the ZUC (Zu Chongzhi) algorithm and others. Because research and development of the national cryptographic algorithms has received substantial investment and is mature and successful, their security and practicality are good, and encrypting and transmitting messages with a national cryptographic algorithm strictly guarantees the security and reliability of the messages.
It should be noted that the national cryptographic hardware is hardware that encapsulates national cryptographic algorithms, national cryptographic certificates and the like in a hardware engine and provides a call interface to the message bus system. In one possible implementation, the national cryptographic hardware can generate encryption keys, back them up and direct them to other devices via the message bus. The hardware may be connected to the message bus system through, for example, Peripheral Component Interconnect Express (PCIe), Serial Advanced Technology Attachment (SATA), Universal Serial Bus (USB), Serial Peripheral Interface (SPI) and the like; these are only examples, and the present application does not limit the specific form and content of the national cryptographic hardware or the way it is connected to the message bus system.
It should further be noted that, in the message bus system, the message generating node serves as the message access point and can accept various types of message sources, for example files, components, service data, log management (rsyslog) and so on, which are not limited in this application. In addition, the message generating node performs national cryptographic encryption on the received messages by calling the national cryptographic hardware to obtain national cryptographic messages, and transmits them to the message distribution node.
Existing message distribution nodes are generally based on the HTTPS protocol, which secures the transmission through transport encryption and identity authentication on top of HTTP; their encryption algorithms depend on international general-purpose encryption algorithms and algorithm libraries, in particular OpenSSL (a cryptography-based security development kit) and its algorithm library.
In the present application, after receiving the national cryptographic messages transmitted by the message generating node, the message distribution node (also called the server) distributes them to the corresponding message using nodes (also called consumers). It should be noted that one message distribution node may distribute a national cryptographic message to one or more message using nodes, and the present application does not limit the specific mapping between message using nodes and message distribution nodes; in a possible implementation, the message distribution node may distribute the national cryptographic message to the message using node corresponding to the message according to the message type, the message source type, the message content and the like.
The nodes may be one or more integrated circuits configured to implement the above methods, for example one or more Application Specific Integrated Circuits (ASICs), one or more digital signal processors (DSPs), or one or more Field Programmable Gate Arrays (FPGAs), among others. As another example, when one of the above nodes is implemented in the form of a processing element that schedules program code, the processing element may be a general-purpose processor, such as a Central Processing Unit (CPU) or another processor capable of calling program code. As a further example, the nodes may be integrated together and implemented in the form of a system on a chip (SoC).
By adjusting the architecture of the message bus system, its adaptability to national cryptographic algorithms is enhanced and its performance is improved.
The following describes a message processing method and the like executed by the message bus system provided in the present application.
Fig. 2 is a flowchart of a message processing method according to an embodiment of the present application; as shown in fig. 2, the method includes:
step 201: and calling the national encryption hardware by adopting a message generating node on a message bus system, and carrying out national encryption on the message generated by each message source in at least one message source to obtain a national encryption message.
It should be noted that the message generation node may support file log processing, support message queue access, support multiple data sources (files, components, service data, log management (rsyslog), etc.) to access through an http/https manner, and the like. The above is merely an example, and the present application does not limit the specific functions of the message generating node, and a user may develop and expand the functions of the message generating node according to actual needs.
In a possible implementation manner, for example, the data source may report in a reporting manner based on an http protocol (hypertext transfer protocol)/https protocol (http channel targeting security), and a user may set a data processing logic of the message generating node in a user-defined manner according to a use requirement, and implement processing of a message of the message source in a manner of configuring a script and the like, or may not process the message of the message source in a manner of configuring a script and the like.
In a possible implementation manner, for a message generation node facing a specific user or a message generation node developed according to the user requirement, an interface for message encryption in the message generation node may be set in the development process, so that the interface is matched with an interface of the national cryptographic hardware, thereby implementing the call of the message generation node to the national cryptographic hardware.
In another possible implementation manner, for a message generation node not specific to a specific user or an open source message generation node, the interface of message encryption in the message generation node is modified to match the interface with the interface of the cryptographic hardware, so as to realize the call of the message generation node to the cryptographic hardware.
In another possible implementation manner, the message generation module may perform processing on messages of multiple message sources, and report the processed messages in an http reporting manner, because the http reporting manner is currently a common reporting manner, the http reporting manner has general applicability, and the processed messages are reported in an http form, which may reduce changes to components and subsequent data services, reduce the complexity of adaptation work, and improve the performance and scalability of a message bus system.
The foregoing is merely an example, and in an actual implementation, the message generating node may also have other forms for invoking the cryptographic hardware, which is not limited in this application.
Step 202: and transmitting the national secret encryption message to a message distribution node on a message bus system by adopting the message generation node.
And the message generating node transmits the encrypted national-secret encryption message to the message distribution node for the next transmission processing of the message distribution node.
Step 203: and distributing the national-secret encrypted message to a corresponding message using node by adopting a message distributing node on a message bus system.
The message distribution node distributes the national-secret encryption message to the corresponding message use node, and it should be noted that the message distribution node may directly distribute the national-secret encryption message to the message use node, or may distribute the national-secret encryption message after processing (for example, compression processing, etc.).
In summary, an embodiment of the present application provides a message processing method, which includes using a message generation node on a message bus system, calling a national encryption hardware, performing national encryption on a message generated by each message source in at least one message source to obtain a national encryption message, and transmitting the national encryption message to a message distribution node on the message bus system. And the message distribution node distributes the national-secret encrypted message to the corresponding message using node. The encryption algorithm comprises a plurality of complex operations on bit strings, the encryption method of the hardware adopted by the invention encrypts the message through the national secret hardware, the encryption efficiency is high, the problems that the encryption algorithm based on software occupies more system resources and the encryption efficiency is low are solved, in addition, the encryption algorithm realizes physical protection through the hardware, is not easy to be tampered by attackers by utilizing various debugging tools, and the multi-dimensional protection such as hardware identity authentication, password protection and the like can be added. In addition, a national cryptographic algorithm with higher security is introduced for data encryption, and the encryption strength and the operation performance of the method are superior to those of the international universal algorithms of the same kind.
Optionally, on the basis of FIG. 2, the present application further provides a possible implementation for obtaining the national cryptographic message in the message processing method. FIG. 3 is a flowchart of obtaining a national cryptographic message in a message processing method according to another embodiment of the present application; as shown in FIG. 3, the message generating node on the message bus system calling national cryptographic hardware and performing national cryptographic encryption on the message generated by each message source among the at least one message source to obtain the national cryptographic message includes:
Step 301: the message generating node calls a national cryptographic algorithm in the national cryptographic hardware and performs national cryptographic data encryption on the message generated by a first message source.
It should be noted that, because message sources differ or the reporting types within a message source differ, the manner of calling the national cryptographic algorithm in the national cryptographic hardware may also differ. In a specific implementation, the message generating node receives messages reported over HTTP and over HTTPS, and the national cryptographic algorithm in the hardware may be called differently for each: for a message reported over HTTP, the national cryptographic algorithm in the hardware may be called directly to perform national cryptographic data encryption of the message; for a message reported over HTTPS, the data encryption interface used by HTTPS may be changed from the original data encryption interface (for example, one pointing to the cryptography-based security development kit OpenSSL) to the encryption interface of the national cryptographic hardware, so that the reported message undergoes national cryptographic data encryption.
Step 302: the message generating node obtains the national cryptographic message from the message after national cryptographic data encryption.
The message generating node obtains the national cryptographic message from the message after national cryptographic data encryption.
Calling the national cryptographic algorithm in the national cryptographic hardware to perform national cryptographic data encryption on the message of the first message source realizes the national cryptographic encryption setting for each of the plurality of message sources, which improves the applicability of the message processing method.
Optionally, on the basis of FIG. 3, the present application further provides a possible implementation for obtaining the national cryptographic message in the message processing method, in which the message generating node obtaining the national cryptographic message from the message after national cryptographic data encryption includes:
the message generating node calls a national cryptographic certificate in the national cryptographic hardware and performs national cryptographic communication encryption on the message after national cryptographic data encryption to obtain the national cryptographic message.
To further enhance the security of message processing in the present application: besides the security risk to the message itself, a security risk also exists in the transmission of the message, so message transmission also needs to be encrypted.
It should be noted that the message generating node may implement national cryptographic communication encryption of the message by calling the national cryptographic hardware and importing the national cryptographic certificate; in a possible implementation, the user may replace the national cryptographic certificate with another type of cryptographic certificate to implement other types of communication encryption, which is not limited in this application.
Therefore, the message generating node realizes not only national cryptographic encryption of the message but also national cryptographic communication encryption of the transmission, further ensuring the security of both the message and its transmission and improving the security of the message processing method.
Optionally, on the basis of fig. 2, the present application further provides a possible implementation of national cryptographic encryption of a message in the message processing method. Fig. 4 is a schematic diagram of another message bus system provided in an embodiment of the present application; as shown in fig. 4, the message generation node includes a data access service and a proxy component. Calling, by the message generation node, the national cryptographic algorithm in the national cryptographic hardware and performing national cryptographic data encryption on the message generated by the first message source includes:
performing, by the data access service in the message generation node, business processing on the message generated by the first message source, and encrypting the data of the processed message with the national cryptographic algorithm in the national cryptographic hardware called by the data access service.
It should be noted that the message generation node may encrypt the data of the message source's message directly, or may first apply business processing to the message through the data access service and then encrypt its data; the business processing may be, for example, cleaning, filtering and computation over the message.
Applying business processing through the data access service before national cryptographic data encryption links message processing with message encryption, which widens the range of scenarios to which the message processing method applies.
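The following added example (not code from the patent or its assignee) makes the data access service concrete: business processing of JSON-line messages from a constructed message source, followed by data encryption through an object that stands in for the national cryptographic hardware. The stand-in derives a keystream and an integrity tag from HMAC-SHA256 so that the block runs with the Python standard library alone; a real node would call SM4 and SM3 through the hardware's API inside encrypt() and decrypt(). Class names, the envelope fields and the sample records are assumptions.

```python
"""Data access service of a message generation node: business processing
(clean, filter, compute), then data encryption with a key that stays in the
cryptographic hardware. Added example, not code from the patent or its
assignee. SimulatedCryptoHardware stands in for the national cryptographic
(SM) hardware; names, the envelope layout and the sample records are assumed."""
import hashlib
import hmac
import json
import secrets
from dataclasses import asdict, dataclass


@dataclass
class Envelope:
    alg: str     # identifies the algorithm so the consumer can pick a decryptor
    key_id: str  # names a key that never leaves the hardware
    iv: str      # per-message random value, hex
    ct: str      # ciphertext, hex
    tag: str     # integrity tag over iv || ct, hex


class SimulatedCryptoHardware:
    """Stand-in for the national cryptographic hardware (assumption)."""
    def __init__(self):
        self._keys = {}

    def generate_key(self, key_id):
        self._keys[key_id] = secrets.token_bytes(32)

    def _subkeys(self, key_id):
        master = self._keys[key_id]  # KeyError here means an unknown key_id
        return (hmac.new(master, b"enc", hashlib.sha256).digest(),
                hmac.new(master, b"mac", hashlib.sha256).digest())

    @staticmethod
    def _keystream(enc_key, iv, length):
        out, counter = b"", 0
        while len(out) < length:
            out += hmac.new(enc_key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def encrypt(self, key_id, plaintext):
        enc_key, mac_key = self._subkeys(key_id)
        iv = secrets.token_bytes(16)
        ct = bytes(p ^ k for p, k in zip(plaintext, self._keystream(enc_key, iv, len(plaintext))))
        tag = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()  # encrypt-then-MAC
        return Envelope("SIM-CTR-HMAC", key_id, iv.hex(), ct.hex(), tag.hex())

    def decrypt(self, env):
        enc_key, mac_key = self._subkeys(env.key_id)
        iv, ct = bytes.fromhex(env.iv), bytes.fromhex(env.ct)
        expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, bytes.fromhex(env.tag)):
            raise ValueError("integrity check failed: message altered or wrong key")
        return bytes(c ^ k for c, k in zip(ct, self._keystream(enc_key, iv, len(ct))))


class DataAccessService:
    """Business processing first, then data encryption through the hardware."""
    def __init__(self, hardware, key_id, keep_levels=("WARN", "ERROR")):
        self.hardware, self.key_id, self.keep_levels = hardware, key_id, set(keep_levels)

    def process(self, raw_lines):
        records = []
        for line in raw_lines:
            line = line.strip()                           # clean: whitespace, blank lines
            if not line:
                continue
            record = json.loads(line)
            if record.get("level") in self.keep_levels:   # filter: keep selected levels only
                records.append(record)
        return {"count": len(records), "records": records}  # compute: add a summary field

    def encrypt_message(self, raw_lines):
        plaintext = json.dumps(self.process(raw_lines), sort_keys=True).encode()
        return self.hardware.encrypt(self.key_id, plaintext)


# Constructed sample input: JSON lines as a message source might emit them.
SAMPLE_LINES = [
    '{"ts": "2021-12-24T10:00:00Z", "level": "INFO", "msg": "heartbeat"}',
    '  {"ts": "2021-12-24T10:00:01Z", "level": "ERROR", "msg": "disk full"}  ',
    "",
    '{"ts": "2021-12-24T10:00:02Z", "level": "WARN", "msg": "retrying"}',
]


def demo():
    """Encrypt the sample, decrypt it, and show that an altered ciphertext is rejected."""
    hardware = SimulatedCryptoHardware()
    hardware.generate_key("bus-key-1")
    envelope = DataAccessService(hardware, "bus-key-1").encrypt_message(SAMPLE_LINES)
    recovered = json.loads(hardware.decrypt(envelope))
    flipped = "00" if envelope.ct[-2:] != "00" else "ff"
    tampered = Envelope(**{**asdict(envelope), "ct": envelope.ct[:-2] + flipped})
    try:
        hardware.decrypt(tampered)
        tamper_rejected = False
    except ValueError:
        tamper_rejected = True
    return {"count": recovered["count"],
            "levels": [r["level"] for r in recovered["records"]],
            "tamper_rejected": tamper_rejected}
```

The envelope carries only a key identifier, so a consumer node that holds the same hardware-resident key can decrypt, while the distribution node in between sees nothing it can use. The integrity tag matters because the channel encryption added later protects the hop, not the stored message.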
Optionally, on the basis of the foregoing embodiment, the present application further provides a possible implementation of national cryptographic communication encryption in the message processing method. Calling, by the message generation node, the national cryptographic certificate in the national cryptographic hardware and performing national cryptographic communication encryption on the data-encrypted message to obtain the national cryptographic encrypted message includes:
calling, by the data access service in the message generation node, the national cryptographic certificate in the national cryptographic hardware, and performing national cryptographic communication encryption on the data-encrypted message to obtain the national cryptographic encrypted message.
After the data access service in the message generation node has applied business processing and national cryptographic data encryption to the message generated by the first message source, the same data access service can call the national cryptographic certificate in the national cryptographic hardware and perform national cryptographic communication encryption on the data-encrypted message.
It should be noted that the data access service implements communication encryption of the data-encrypted message by calling the national cryptographic hardware and importing the national cryptographic certificate. In a possible implementation the user may replace the national cryptographic certificate with another type of certificate to obtain another type of communication encryption; this application does not limit the choice.
Thus the data access service performs both national cryptographic encryption of the message and national cryptographic encryption of the communication. Integrating message encryption and communication encryption in one service enriches its functions: a message from the message source is doubly encrypted once it has passed through the data access service, which improves both the efficiency and the security of the message processing method.
Optionally, on the basis of the foregoing embodiment, the present application further provides another possible implementation of national cryptographic communication encryption in the message processing method. Calling, by the message generation node, the national cryptographic certificate in the national cryptographic hardware and performing national cryptographic communication encryption on the data-encrypted message to obtain the national cryptographic encrypted message includes:
calling, by a proxy component in the message generation node that is adapted to the data access service, the national cryptographic certificate in the national cryptographic hardware, and performing national cryptographic communication encryption on the data-encrypted message to obtain the national cryptographic encrypted message.
In a possible implementation, for a data access service of a message generation node that faces a specific user, or for a message generation node developed to a user's requirements, the data access service in the message generation node first applies business processing and national cryptographic data encryption to the message generated by the first message source; the data-encrypted message is then reported to the proxy component adapted to the data access service, and the proxy component calls the national cryptographic certificate in the national cryptographic hardware and performs national cryptographic communication encryption on the data-encrypted message.
Thus the data access service encrypts the data of the message source's message and the proxy component encrypts the communication that carries the data-encrypted message. Splitting national cryptographic data encryption and national cryptographic communication encryption between the data access service and its adapted proxy component improves the robustness of message encryption.
In another possible implementation, the data access service of an existing message bus system is usually based on the http protocol (hypertext transfer protocol) or the https protocol (http over a secured channel). A data access service based on http does not encrypt the communication when it reports a message to the corresponding message consuming node; if the message itself is not encrypted either, it is exposed in plaintext on the network during transmission, which is a serious security hazard.
In the present application, for a data access service of a message generation node that is not specific to a particular user, or for an open-source message generation node (for example, an open-source component or system inside a message generation node), the programming languages are not uniform and the reporting interfaces differ. After the data access service in the message generation node has applied business processing and national cryptographic data encryption to the message generated by the first message source, the data-encrypted message can be reported in a unified reporting mode, for example http reporting, to the proxy component adapted to the data access service; the proxy component then calls the national cryptographic certificate in the national cryptographic hardware and performs national cryptographic communication encryption on the data-encrypted message.
In a specific implementation, the configuration file of the proxy component may set the listening port, the forwarding destination port, the protocol type and the certificate, and the proxy component forwards the data-encrypted messages reported by the data access service. The proxy component may also select the communication mode used for reporting to the message distribution node according to the configured protocol type, for example http, or https based on the national cryptographic algorithm. Because the hop from the data access service to the proxy component is plain http, the listening port should be bound to the local host only, so that a reported message does not cross the network before the proxy component has applied communication encryption.
With the data access service processing and reporting the message source's messages and the proxy component performing national cryptographic communication encryption, national cryptographic encryption of the communication is guaranteed while changes to the component and to the data service are kept small. The whole system is therefore highly extensible and adapts to complex production environments; combining the two sensibly eases the access and formatted output of more message types and reduces the secondary development caused by adding message sources.
Optionally, on the basis of the foregoing embodiments, the present application further provides a possible implementation of national cryptographic encryption of a message in the message processing method. Calling, by a message generation node on the message bus system, the national cryptographic hardware and performing national cryptographic encryption on the message generated by each of the at least one message source to obtain the national cryptographic encrypted message includes:
calling, by the message generation node, the national cryptographic certificate in the national cryptographic hardware, and performing national cryptographic communication encryption on the message generated by a second message source to obtain the national cryptographic encrypted message.
On the basis of the above embodiments, the message of the second message source may also be protected by national cryptographic communication encryption alone to obtain the national cryptographic encrypted message.
In a possible implementation, when the accessed message source is a component or service that supports http reporting and the message needs neither business processing nor data encryption, the message generation node can call the national cryptographic certificate in the national cryptographic hardware and perform national cryptographic communication encryption directly on the message generated by the second message source.
In a specific implementation, the message is reported to the message distribution node through the proxy service of the message generation node after national cryptographic communication encryption. For example, when the message source is the message queue nsq, which reports over http and needs neither processing nor national cryptographic data encryption, the message source can forward its messages to the proxy service (for example, to the proxy service's listening port) for national cryptographic communication encryption. For another example, a message service developed in Java that supports http reporting but has not been adapted to the national cryptographic algorithm can obtain national cryptographic communication encryption directly through the proxy service. For another example, a data collector such as logstash already collects many message types, outputs them in a formatted form and supports http reporting, so it can obtain national cryptographic communication encryption directly through the proxy service; where the messages need no complex processing it can also take the place of the data access service, realising component replacement. In addition, the message processing method and the message generation node provided by the present application support direct access of third-party components, such as the kafka and nsq message queues.
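The following added example (not the patent's or assignee's code) covers both the proxy component configuration described earlier (listening port, forwarding destination port, protocol type, certificate) and the direct http reporting path of the second message source just described: a proxy bound to a loopback port accepts plaintext http reports from the data access service or from a source such as nsq or logstash, refuses to start when its configuration would expose those reports, and forwards each message to the distribution node over the configured protocol. The configuration field names, the policy checks and the use of Python's ssl module for the https leg are assumptions; the standard library has no SM cipher suites, so the included demo() forwards over plain http between two loopback ports, the one plaintext case the policy permits.

```python
"""Proxy component of a message generation node: accepts messages reported over
plain http on a local port and forwards them to the message distribution node
over the configured protocol type. Added example, not the patent's or
assignee's code; configuration fields, policy checks and ssl usage are assumed.
A production proxy would load the national cryptographic (SM) certificate into
a TLS stack that supports the SM cipher suites, which the standard library lacks."""
import http.client
import ssl
import threading
from dataclasses import dataclass
from http.server import BaseHTTPRequestHandler, HTTPServer

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


@dataclass
class ProxyConfig:
    listen_host: str
    listen_port: int
    dest_host: str
    dest_port: int
    protocol: str        # "http" or "sm-https"
    cert_path: str = ""  # proxy's own certificate, presented to the distribution node
    key_path: str = ""
    ca_path: str = ""    # CA that issued the distribution node's certificate


def validate(cfg):
    """Return the policy violations in cfg; an empty list means the proxy may start."""
    problems = []
    if cfg.listen_host not in LOOPBACK:  # the inbound hop carries plaintext http
        problems.append("listen_host must be loopback: inbound reports are plaintext")
    if cfg.protocol == "http" and cfg.dest_host not in LOOPBACK:
        problems.append("plain http may only forward to a loopback destination")
    if cfg.protocol == "sm-https" and not (cfg.cert_path and cfg.key_path and cfg.ca_path):
        problems.append("sm-https requires cert_path, key_path and ca_path")
    if cfg.protocol not in ("http", "sm-https"):
        problems.append("unknown protocol %r" % cfg.protocol)
    return problems


def client_context(cfg):
    """Mutually authenticated TLS client context built from the configured certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # peer and hostname checks on by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_verify_locations(cfg.ca_path)
    ctx.load_cert_chain(cfg.cert_path, cfg.key_path)
    return ctx


def forward(cfg, body):
    """POST one already data-encrypted message to the distribution node; return its status."""
    if cfg.protocol == "sm-https":
        conn = http.client.HTTPSConnection(cfg.dest_host, cfg.dest_port,
                                           context=client_context(cfg), timeout=5)
    else:
        conn = http.client.HTTPConnection(cfg.dest_host, cfg.dest_port, timeout=5)
    try:
        conn.request("POST", "/report", body=body,
                     headers={"Content-Type": "application/octet-stream"})
        return conn.getresponse().status
    finally:
        conn.close()


class _Handler(BaseHTTPRequestHandler):
    def log_message(self, *args):  # keep the demo silent
        pass

    def body(self):
        return self.rfile.read(int(self.headers.get("Content-Length", "0")))


class ProxyHandler(_Handler):
    cfg = None  # bound to a ProxyConfig per server in start_proxy()

    def do_POST(self):
        self.send_response(forward(self.cfg, self.body()))
        self.end_headers()


def start_proxy(cfg):
    """Refuse to start on a policy violation; otherwise serve in a background thread."""
    problems = validate(cfg)
    if problems:
        raise ValueError("; ".join(problems))
    handler = type("BoundProxyHandler", (ProxyHandler,), {"cfg": cfg})
    server = HTTPServer((cfg.listen_host, cfg.listen_port), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


class CollectingNode(_Handler):
    """Stand-in for the message distribution node, used only by demo()."""
    received = []

    def do_POST(self):
        CollectingNode.received.append(self.body())
        self.send_response(200)
        self.end_headers()


def demo():
    """Report one constructed message through the proxy to a loopback node."""
    node = HTTPServer(("127.0.0.1", 0), CollectingNode)
    threading.Thread(target=node.serve_forever, daemon=True).start()
    proxy = start_proxy(ProxyConfig("127.0.0.1", 0, "127.0.0.1", node.server_port, "http"))
    conn = http.client.HTTPConnection("127.0.0.1", proxy.server_port, timeout=5)
    conn.request("POST", "/report", body=b'{"alg":"SIM","key_id":"bus-key-1","ct":"9f3c2a"}')
    status = conn.getresponse().status
    conn.close()
    for server in (proxy, node):
        server.shutdown()
        server.server_close()
    return status, list(CollectingNode.received)
```

A source that already reports over http (the second message source) posts to the proxy's listening port exactly as the data access service does; the proxy does not inspect the body, so a data-encrypted envelope and a raw message are forwarded the same way, and only the configured protocol type decides whether the outbound leg is encrypted.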
It should be further noted that the data access service and the proxy service of the message bus rely on the national cryptographic algorithm and the national cryptographic certificate provided by the national cryptographic hardware to implement national cryptographic algorithm encryption and national cryptographic communication encryption of messages. Because the two services support the same reporting mode, for example https based on the national cryptographic algorithm, national cryptographic encryption is introduced into the message bus; and because the access modes are diverse, the two services, in different combinations, can accommodate the many message types and message queues currently required and serve multiple scenarios and services.
The computer device and the storage medium provided in the present application execute the message processing method described above; their specific implementation and technical effects are the same as those described for the method and are not repeated below.
The embodiment of the present application provides a possible implementation of a computer device capable of executing the message processing method provided by the foregoing embodiment. Fig. 5 is a schematic diagram of a computer device according to an embodiment of the present application; the computer device may be integrated in a terminal device or in a chip of the terminal device, and the terminal may be any computing device with a data processing function.
The computer device includes a processor 501, a storage medium 502 and a bus. The storage medium stores program instructions of the message bus system that are executable by the processor; when the computer device runs, the processor and the storage medium communicate via the bus, and the processor executes the program instructions to perform the steps of the message processing method. The specific implementation and technical effects are as described above and are not repeated here.
The embodiment of the present application also provides a computer-readable storage medium that stores a computer program; when the computer program is executed by a processor, the steps of the message processing method provided by the above embodiment are performed.
The computer program stored in the storage medium may include instructions that cause a computer device (which may be a personal computer, a server or a network device) or a processor to perform some of the steps of the methods according to the embodiments of the present invention. The storage medium includes a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or any other medium capable of storing program code.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. The apparatus embodiments described above are merely illustrative: the division into units is only a logical division, and an actual implementation may divide them differently; for example, several units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through interfaces, devices or units, and may be electrical, mechanical or of another form.
Units described as separate parts may or may not be physically separate, and parts shown as units may or may not be physical units; they may be located in one place or distributed over several network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist alone physically, or two or more units may be integrated into one unit. The integrated unit may be implemented in hardware, or in hardware combined with a software functional unit.
An integrated unit implemented as a software functional unit may be stored in a computer-readable storage medium. The software functional unit stored in the storage medium includes instructions that cause a computer device (which may be a personal computer, a server or a network device) or a processor to execute some of the steps of the methods according to the embodiments of the present invention. The storage medium includes a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or any other medium capable of storing program code.
The above description covers only specific embodiments of the present application; the scope of the present application is not limited to them. Any change or substitution that a person skilled in the art can readily conceive within the technical scope of the present application falls within the scope of the present application. The protection scope of the present application is therefore defined by the claims.

Claims (10)

1. A message processing method, comprising:
calling, by a message generation node on a message bus system, national cryptographic hardware, and performing national cryptographic encryption on the message generated by each message source of at least one message source to obtain a national cryptographic encrypted message;
transmitting, by the message generation node, the national cryptographic encrypted message to a message distribution node on the message bus system; and
distributing, by the message distribution node on the message bus system, the national cryptographic encrypted message to the corresponding message consuming node.
2. The method of claim 1, wherein calling, by the message generation node on the message bus system, the national cryptographic hardware and performing national cryptographic encryption on the message generated by each message source of the at least one message source to obtain the national cryptographic encrypted message comprises:
calling, by the message generation node, a national cryptographic algorithm in the national cryptographic hardware, and performing national cryptographic data encryption on the message generated by a first message source; and
obtaining, by the message generation node, the national cryptographic encrypted message from the data-encrypted message.
3. The method of claim 2, wherein obtaining, by the message generation node, the national cryptographic encrypted message from the data-encrypted message comprises:
calling, by the message generation node, a national cryptographic certificate in the national cryptographic hardware, and performing national cryptographic communication encryption on the data-encrypted message to obtain the national cryptographic encrypted message.
4. The method of claim 2, wherein calling, by the message generation node, the national cryptographic algorithm in the national cryptographic hardware and performing national cryptographic data encryption on the message generated by the first message source comprises:
performing, by a data access service in the message generation node, business processing on the message generated by the first message source; and calling, by the data access service, the national cryptographic algorithm in the national cryptographic hardware, and performing national cryptographic data encryption on the processed message.
5. The method of claim 3, wherein calling, by the message generation node, the national cryptographic certificate in the national cryptographic hardware and performing national cryptographic communication encryption on the data-encrypted message to obtain the national cryptographic encrypted message comprises:
calling, by the data access service in the message generation node, the national cryptographic certificate in the national cryptographic hardware, and performing national cryptographic communication encryption on the data-encrypted message to obtain the national cryptographic encrypted message.
6. The method of claim 3, wherein calling, by the message generation node, the national cryptographic certificate in the national cryptographic hardware and performing national cryptographic communication encryption on the data-encrypted message to obtain the national cryptographic encrypted message comprises:
calling, by a proxy component in the message generation node that is adapted to the data access service, the national cryptographic certificate in the national cryptographic hardware, and performing national cryptographic communication encryption on the data-encrypted message to obtain the national cryptographic encrypted message.
7. The method of any one of claims 1 to 6, wherein calling, by the message generation node on the message bus system, the national cryptographic hardware and performing national cryptographic encryption on the message generated by each message source of the at least one message source to obtain the national cryptographic encrypted message comprises:
calling, by the message generation node, a national cryptographic certificate in the national cryptographic hardware, and performing national cryptographic communication encryption on the message generated by a second message source to obtain the national cryptographic encrypted message.
8. A message bus system, comprising: at least one message generation node, a message distribution node and at least one message consuming node;
wherein each message generation node is configured to call national cryptographic hardware, perform national cryptographic encryption on the messages generated by each message source to obtain a national cryptographic encrypted message, and transmit the national cryptographic encrypted message to the message distribution node; and
the message distribution node is configured to distribute the national cryptographic encrypted message to the corresponding message consuming node.
9. A computer device, comprising: a processor, a storage medium and a bus, the storage medium storing program instructions of a message bus system executable by the processor; when the computer device runs, the processor and the storage medium communicate via the bus, and the processor executes the program instructions to perform the steps of the message processing method according to any one of claims 1 to 7.
10. A computer-readable storage medium storing a computer program which, when executed by a processor, performs the steps of the message processing method according to any one of claims 1 to 7.
CN202111593966.7A 2021-12-24 2021-12-24 Message processing method, message bus system, computer device, and storage medium Pending CN113992432A (en)

Publications (1)

Publication Number Publication Date
CN113992432A true CN113992432A (en) 2022-01-28

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105871873A (en) * 2016-04-29 2016-08-17 国家电网公司 Security encryption authentication module for power distribution terminal communication and method thereof
CN107181716A (en) * 2016-03-10 2017-09-19 上海传真通信设备技术研究所有限公司 A kind of secure communication of network system and method based on national commercial cipher algorithm
CN109040318A (en) * 2018-09-25 2018-12-18 网宿科技股份有限公司 The HTTPS connection method of CDN network and CDN node server
US20190394031A1 (en) * 2018-01-11 2019-12-26 Beijing Guodian Tong Network Technology Co., Ltd Method and device for quantum key fusion-based virtual power plant security communication and medium
CN111832083A (en) * 2020-09-15 2020-10-27 江苏开博科技有限公司 System resource tamper-proofing method based on block chain and national secret digital fingerprint technology
CN112134889A (en) * 2020-09-23 2020-12-25 北京天融信网络安全技术有限公司 SSL-based communication method, device and system
CN112398826A (en) * 2020-11-03 2021-02-23 北京天融信网络安全技术有限公司 Data processing method and device based on state password, storage medium and electronic equipment
EP3840327A1 (en) * 2019-05-07 2021-06-23 Huawei Technologies Co., Ltd. Method for applying for digital certificate
CN113132394A (en) * 2021-04-22 2021-07-16 中国建设银行股份有限公司 Request processing system, method and device, storage medium and electronic equipment

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114553594A (en) * 2022-03-24 2022-05-27 浙江网商银行股份有限公司 Method and device for protecting data security
CN114553594B (en) * 2022-03-24 2024-05-14 浙江网商银行股份有限公司 Method and device for protecting data security
CN114756495A (en) * 2022-06-16 2022-07-15 中国人民解放军国防科技大学 Operating system based on layered message soft bus model and implementation method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20220128